JS:Includer-FR [Trj] ...constant (several per second) detections

[deemo119]

Still non-stop detections of this Trojan, probably a couple thousand this morning... has anyone seen this?

[essexboy]

Let me know if this clears it please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3612433894-2427630151-739255536-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[deemo119]

I was excited for a minute, after the reboot there were no detections for 5 min or so, then they started back up.  Here's the new OTL log, and also the log that popped up after rebooting.   What if I just went back to a restore point prior to a couple days ago??

[essexboy]

Yes try a restore point from a few days ago, but you will need to disable Avast self protection.  Screenshot below.  If that fails to remove it will need to check autorun entries

 

[deemo119]

What exactly is the avast self-defense module?  And could this "Trojan" be some kind of false positive?  I'm wondering if it's really a real issue.  Did you see something in the logs that points to me having an actual problem?  Thanks again...

[essexboy]

This shows the characteristics of a recent Java exploit, however it did not have the usual traces.  You need to turn off self defence as when you restore Avast will be broken

[Pondus]

What exactly is the avast self-defense module?

many malware will try to turn off / disable your AV

[deemo119]

Crap.  I did a restore point to last Thursday.  Everything looked fine.  I've been using my computer for the past couple hours, then all the sudden the constant detections started up again (same Trojan).... UGH. 

[Pondus]

attach a screenshot of the detection.....

then run a new OTL diagnostic log....

Essexboy will be back tomorrow and check the log

[deemo119]

Here is a screenshot of the detection that occurs every half-second or so.

By the way, does anyone know if this JS:Includer-FR is an actual issue??  Or some sort of false positive from Avast???

And I'm not 100% certain but I believe this started right after a new version of Avast was downloaded... my Avast interface looks drastically different and I now apparently went from the free version to the PRO ANTIVIRUS trial... is there a way of going back to the plain'ol free version?

[Pondus]

I now apparently went from the free version to the PRO ANTIVIRUS trial.

yes that seems to happen when using system restore.....dont know why

i guess you need to reinstall, but i would wait with that until essexboy is done..

[deemo119]

This is literally driving me insane... and something in my gut tells me it's not even a real issue but something to do with the new Avast version causing a false positive... I have program version 8.0.1455, engine version 130410-2, released 4/10/13 4:54PM.  The restore point I did was back to last Thurs (4/11).

[essexboy]

If it was a false positive then you would not be the only one

The Avast popup shows that is being generated by an E-mail on your system

Could you empty your deleted e-mail folder and any other e-mails you no longer need

[deemo119]

Oh, interesting... well I assume it's an email that's come in since this started, right?  I mean I have thousands of older emails that I need to keep for business records.

[deemo119]

...actually I have quite a lot of emails from the past few days, is there a way for me to narrow it down?  Thanks!